0

I created an HTML page with multiple checkboxes.

<input type="checkbox" name="option_one" value="YES" class='checkbox_divs' >Option one<br>
<input type="checkbox" name="option_two" value="YES" class='checkbox_divs' >Option two<br>
<input type="checkbox" name="option_three" value="YES" class='checkbox_divs' >Option Three<br>

The user submits it and a PHP page is called to send it to a SQL database this way:

$strSQL = "INSERT INTO CLDETAILS (option_one, option_two, option_three)
VALUES
('$_POST[option_one]','$_POST[option_two]','$_POST[option_three]')";   
if (sqlsrv_query($conn,$strSQL))
  {
    echo "Saved !";
  }
else  
{  
  echo "Error Save [".$strSQL."]";
  print_r( sqlsrv_errors());
}  
?>

Everything works fine, but I would like to improve my code and avoid having errors like "Notice: Undefined index:...". I know that I should use "isset", but I am a beginner in PHP and I don't really know how I should use it. Thanks for your help.

Kris
  • I think your main difficulty is that you're not sure about [how to prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) – Álvaro González Jun 24 '13 at 10:23
  • You should mention what your main point is. It seems you want to add all the options if checked, but what do you want to add if only one is checked? – Royal Bg Jun 24 '13 at 10:26
  • You don't need isset (see my answer), but if you really want to go online you should escape the strings to avoid getting hacked. http://php.net/manual/en/security.database.sql-injection.php – Karl Adler Jun 24 '13 at 10:32
  • Your answer includes isset – Royal Bg Jun 24 '13 at 10:34
  • My answer is actually two answers. First version using isset, second using hidden fields – Karl Adler Jun 24 '13 at 10:48

4 Answers

0

you can use it like this

if(!isset($_POST['option_one'])) 
    $_POST['option_one'] = 'NO';

Also make sure you parse your data before you insert it into your database to avoid SQL injections, and I suggest you use mysqli or PDO.

Mihai Vilcu
0

try this,

// Fall back to 'NO' for any checkbox that was not submitted
$opt1 = isset($_POST['option_one']) ? $_POST['option_one'] : 'NO';
$opt2 = isset($_POST['option_two']) ? $_POST['option_two'] : 'NO';
$opt3 = isset($_POST['option_three']) ? $_POST['option_three'] : 'NO';
// Bind the values as query parameters instead of concatenating them into the SQL text
$strSQL = "INSERT INTO CLDETAILS (option_one, option_two, option_three)
VALUES
(?, ?, ?)";
if (sqlsrv_query($conn, $strSQL, array($opt1, $opt2, $opt3)))
  {
    echo "Saved !";
  }
else
{
  echo "Error Save [".$strSQL."]";
  print_r( sqlsrv_errors());
}
Kautil
0

I have improved your code here

$opt1 = (isset($_POST['option_one'])) ? 1 : 0;
$opt2 = (isset($_POST['option_two'])) ? 1 : 0;
$opt3 = (isset($_POST['option_three'])) ? 1 : 0;
$strSQL = "INSERT INTO CLDETAILS (option_one, option_two, option_three)
VALUES ('$opt1', '$opt2', '$opt3')";   
if (sqlsrv_query($conn,$strSQL)) echo "Saved !";
else  
{  
  echo "Error Save [".$strSQL."]";
  print_r( sqlsrv_errors());
}  
?>
DevZer0
0
$option = array();
// Use NULL for any checkbox that was not submitted
$option[0] = (isset($_POST['option_one']) ? $_POST['option_one'] : NULL);
$option[1] = (isset($_POST['option_two']) ? $_POST['option_two'] : NULL);
$option[2] = (isset($_POST['option_three']) ? $_POST['option_three'] : NULL);

// One placeholder per column; the values are bound as parameters, not concatenated
$strSQL = "INSERT INTO CLDETAILS (option_one, option_two, option_three)
VALUES
(?, ?, ?)";
$stmt = sqlsrv_query($conn, $strSQL, $option);

OR

add hidden fields with the same name as the checkbox fields to set a standard value for unchecked fields

<input type="hidden" name="option_one" value="NO" >
<input type="checkbox" name="option_one" value="YES" class='checkbox_divs' >Option one<br>
<input type="hidden" name="option_two" value="NO" >
<input type="checkbox" name="option_two" value="YES" class='checkbox_divs' >Option two<br>
<input type="hidden" name="option_three" value="NO" >
<input type="checkbox" name="option_three" value="YES" class='checkbox_divs' >Option Three<br>
Karl Adler
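
An added example, not code from the question or from any of the answers: one way to handle both points raised in the thread, the missing-checkbox default and the SQL injection concern from the comments, including the case where a client sends something other than "YES". It assumes the CLDETAILS columns hold 'YES'/'NO' strings; the function names `checkbox_values`, `build_insert` and `save_checkboxes` are hypothetical.

```php
<?php
// Column names come from this fixed list, never from the request.
const CHECKBOX_COLUMNS = ['option_one', 'option_two', 'option_three'];

/**
 * Map raw POST data to one 'YES'/'NO' value per known checkbox.
 * Missing keys, arrays (option_one[]=x) and unexpected strings become 'NO'.
 */
function checkbox_values(array $post): array
{
    $values = [];
    foreach (CHECKBOX_COLUMNS as $name) {
        $raw = $post[$name] ?? null;          // avoids "Undefined index"
        $values[] = ($raw === 'YES') ? 'YES' : 'NO';
    }
    return $values;
}

/** Build the INSERT text with one ? placeholder per column. */
function build_insert(): string
{
    $cols  = implode(', ', CHECKBOX_COLUMNS);
    $marks = implode(', ', array_fill(0, count(CHECKBOX_COLUMNS), '?'));
    return "INSERT INTO CLDETAILS ($cols) VALUES ($marks)";
}

/** Run the insert; log driver errors instead of echoing them to the browser. */
function save_checkboxes($conn, array $post): bool
{
    $stmt = sqlsrv_query($conn, build_insert(), checkbox_values($post));
    if ($stmt === false) {
        error_log('CLDETAILS insert failed: ' . print_r(sqlsrv_errors(), true));
        return false;
    }
    sqlsrv_free_stmt($stmt);
    return true;
}

// Constructed sample requests; this part runs without a database.
$samples = [
    'two boxes ticked' => ['option_one' => 'YES', 'option_three' => 'YES'],
    'nothing ticked'   => [],
    'tampered values'  => ['option_one' => "Y'ES", 'option_two' => ['YES']],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', implode(',', checkbox_values($post)), "\n";
}
echo build_insert(), "\n";
```

In the form handler, `save_checkboxes($conn, $_POST)` replaces the string-built query; the hidden-field variant of the form works with it unchanged, because only an exact "YES" is ever stored as 'YES'.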